Security News

Scam email campaign masquerading as Avast sales team

Emma McGowan 23 Feb 2022

Whenever you come across a phishing attempt, report it to the proper authorities to protect both yourself and others.

Avast has become aware of an email scam campaign purporting to be from our sales team. The emails claim that the recipient’s Avast subscription has been renewed for $499.99. The fake invoice contains a US phone number and encourages the recipient to call with “any Queries or Question as such.” 

The email has been examined by our security specialists and it does not contain any malicious links or downloads. The “invoice” PDF also does not include any bank account or payment information, but it does claim that nearly $500 will be debited from the recipient’s account. 

Receiving a phishing email like this can be frightening — no one wants to think that they are about to lose $500 that they didn’t mean to spend. But a closer look reveals clues that the sender of the email is not who they say they are. 

First, many of these emails are being sent to people who are not Avast customers. If you are not a customer, there’s no way we — or any legitimate company — could or would “renew” your subscription. 

Second, the logo is wrong. Avast updated our logo last year and the one the scammers are using is out of date. 

Third, the grammar is strange to a native English speaker. For example, this sentence: “Here’s the Receipt for Your Payment towards the Renewal of Your Avast Security Softwares’s for Your Computer.” There’s random capitalization, odd cadence, and that extra apostrophe “s.” 

And, fourth, the sender’s email address is a random Gmail account. Emails from Avast will only be from an Avast domain, like avast.com or avg.com. (It’s also important to note that scammers often know how to spoof legitimate-looking email addresses, although that is not the case here.)

If you receive a phishing email like this one — or any email that feels off — don’t reply to the mail and don’t open any attachments or click on links. While this particular scam doesn’t contain any malicious downloads, many do — so it’s not worth taking the risk by checking it out yourself.

Whenever you come across a phishing attempt, it’s important to report it to the proper authorities to protect both yourself and others from falling victim to the scam unknowingly.